Comment 0 for bug 1383858

AppArmor has several optimization options that can be used to help speed up policy compiles for certain types of policy. Currently, we are using expr tree simplification option by default, which has dramatic affects on policy compiles for the evince profile. However, with click profiles not using expr tree simplification (ie, adding the '-O no-expr-simplify' option) can improve click policy generation by 44%.

The proper fix is to adjust expr tree simplification to not be more efficient, however, in the short term we can adjust the apparmor upstart job to use '-O no-expr-simplify' when compiling policy in /var/lib/apparmor/profiles but leave /etc/apparmor.d alone. We can do the same with click-apparmor.